Incident Response Without Situational Awareness Is Theater

I recently had a discussion with a few colleagues about incident response. It started the way these conversations often do, with someone asking what “good” incident response really looks like and some of the incidents that I’ve worked on. That question sounds simple, but it is not. Before long, we were debating playbooks, tabletop exercises, […]

Standing in the Background of the Incident

I just got back from a trip to Disney World where my daughter was competing in cheer, and somewhere between the crowds, the rides, and the constant hum of people moving with purpose, I realized something odd. I was in the background of a lot of other people’s vacation photos. Not intentionally. It’s not in […]

Learning that mistakes might be the best career move you never planned (I hope)

I announced two weeks ago that I am in the job market after a short tenure at a company. I learned that there is a sentence that feels heavier than it should. “I’m back on the job market.” It lands with a thud, even when no one else reacts. It immediately invites a flood of questions. […]

Shadow Access: The Security Risk You Don’t See Until It’s Sitting in the Boardroom With You

After 20 plus years in technology and security, I’ve learned something important…well, learned a lot of important things…but this is the one I’m writing about. The biggest risks that we have that we aren’t aware of rarely come crashing through the front door; they slip in quietly because they already have access and no one […]

Common Mistakes New InfoSec Leaders Make (and How to Dodge Them Like a Pro)

I had lunch last week with a friend who just landed their first-ever leadership role in InfoSec and not just any role, a leadership role. They’d been promoted from lead security engineer to head of security, at a company that’s never had a separate formal InfoSec leader before. The company had grown, and security had […]

Securing Beyond the Standard: Building a Culture of Lasting Security

AI Generated

Mastering the Art of Communicating Your Security Success

There is great value in the work that security professionals do every day, but communicating that success is key to helping build knowledge about what and how your program is doing. However, demonstrating the effectiveness of your cyber security measures to stakeholders—be they executives, employees, or clients—can be challenging. Here are some thoughts on effectively […]

Helping Your Users Stay Safe Online Helps to Keep the Office From Catching Fire (You Know…Metaphorically Speaking)

I have rarely seen any Cyber Security Awareness Training at any company explaining how I can take care of my assets, how I can avoid falling for scams, or other things to help my browsing online. Now for me, that’s not a problem; I’ve been in IT and Information Security my whole life, and I’m cautious when I’m online at home or work, but I want to talk about why I would like that to change: why training employees to be more suspicious online can and will help them to be better at work.

What makes a good leader

Yesterday in the office, I got to have a great conversation with some of my colleagues. It started around the Crowdstrike incident and then somehow morphed into my leadership philosophy (I don’t remember how), but I thought it would be good to share some of what I think makes a good leader (and I try to […]

Back to work: Security Thoughts to Have

In fact, with so many people returning to the office and potentially accessing sensitive information on your organization’s network, it’s more important than ever to ensure that proper security measures are in place. Either fully remote or fully in-the-office work can be thought of as a “fortress” approach to security, with the primary point of access being through the employee’s personal or organizational computer.